Merge branch 'master' of github.com:robertdebock/ansible-role-rsyslog

robertdebock · Jul 26, 2021 · fc383a8 · fc383a8
2 parents 6bd3939 + dc018e4
commit fc383a8
Show file tree

Hide file tree

Showing 5 changed files with 167 additions and 56 deletions.
diff --git a/README.md b/README.md
@@ -75,6 +75,16 @@ rsyslog_mods:
 # Configure rsyslog minimally (may be in conflict with custom configuration files)
 rsyslog_deploy_default_config: yes
 
+# Default rsyslogd rules
+rsyslog_default_rules:
+  - { rule: '*.info;mail.none;authpriv.none;cron.none', logpath: '/var/log/messages' }
+  - { rule: 'authpriv.*', logpath: '/var/log/secure' }
+  - { rule: 'mail.*', logpath: '-/var/log/maillog' }
+  - { rule: 'cron.*', logpath: '/var/log/cron' }
+  - { rule: '*.emerg', logpath: ':omusrmsg:*' }
+  - { rule: 'uucp,news.crit', logpath: '/var/log/spooler' }
+  - { rule: 'local7.*', logpath: '/var/log/boot.log' }
+
 # Use the (obsolete) legacy, pre-v6 configuration file format, or the more
 # modern # 'advanced' configuration file format available in v6 and up. The
 # default is to use the 'legacy' format to not change config files for
@@ -94,6 +104,17 @@ rsyslog_package_state: present
 # part from a name that is within the same domain as the receiving system is
 # stripped. If set to on, full names are always used.
 rsyslog_preservefqdn: false
+
+# Configure additional config files in /etc/rsyslog.d
+# Example:
+# rsyslog_rsyslog_d_files:
+#   000-splunk:
+#     content: |
+#       auth,authpriv.* action(type="omfwd"
+#                              target="splunk"
+#                              port="514"
+#                              protocol="tcp")
+rsyslog_rsyslog_d_files: []
 ```
 
 ## [Requirements](#requirements)

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -35,6 +35,16 @@ rsyslog_mods:
 # Configure rsyslog minimally (may be in conflict with custom configuration files)
 rsyslog_deploy_default_config: yes
 
+# Default rsyslogd rules
+rsyslog_default_rules:
+  - { rule: '*.info;mail.none;authpriv.none;cron.none', logpath: '/var/log/messages' }
+  - { rule: 'authpriv.*', logpath: '/var/log/secure' }
+  - { rule: 'mail.*', logpath: '-/var/log/maillog' }
+  - { rule: 'cron.*', logpath: '/var/log/cron' }
+  - { rule: '*.emerg', logpath: ':omusrmsg:*' }
+  - { rule: 'uucp,news.crit', logpath: '/var/log/spooler' }
+  - { rule: 'local7.*', logpath: '/var/log/boot.log' }
+
 # Use the (obsolete) legacy, pre-v6 configuration file format, or the more
 # modern # 'advanced' configuration file format available in v6 and up. The
 # default is to use the 'legacy' format to not change config files for
@@ -54,3 +64,14 @@ rsyslog_package_state: present
 # part from a name that is within the same domain as the receiving system is
 # stripped. If set to on, full names are always used.
 rsyslog_preservefqdn: false
+
+# Configure additional config files in /etc/rsyslog.d
+# Example:
+# rsyslog_rsyslog_d_files:
+#   000-splunk:
+#     content: |
+#       auth,authpriv.* action(type="omfwd"
+#                              target="splunk"
+#                              port="514"
+#                              protocol="tcp")
+rsyslog_rsyslog_d_files: []
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -42,6 +42,18 @@
   notify:
     - restart rsyslog
 
+- name: configuring additional config files
+  ansible.builtin.copy:
+    content: "{{ item.value.content | default('') }}"
+    dest: "/etc/rsyslog.d/{{ item.key }}.conf"
+    validate: "{{ 'rsyslogd -N1 -f %s' if item.value.validate | default(false) else 'true %s' }}"
+    owner: root
+    group: root
+    mode: 0440
+  with_dict: "{{ rsyslog_rsyslog_d_files }}"
+  when: item.value.state | default('present') == 'present'
+  notify: restart rsyslog
+
 - name: start and enable rsyslog
   ansible.builtin.service:
     name: "{{ rsyslog_service }}"

diff --git a/templates/advanced_rsyslog.conf.j2 b/templates/advanced_rsyslog.conf.j2
@@ -1,26 +1,13 @@
 {{ ansible_managed | comment }}
-# rsyslog configuration file
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
 
-# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
-# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
-# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
-
-#### GLOBAL DIRECTIVES ####
-
-# Where to place auxiliary files
-global(workDirectory="{{ rsyslog_work_directory }}")
-
-# Use default timestamp format
-module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
-
-# Include all config files in /etc/rsyslog.d/
-include(file="/etc/rsyslog.d/*.conf" mode="optional")
-
-{% if rsyslog_preservefqdn %}
-$PreserveFQDN on
-{% endif %}
 
+#################
 #### MODULES ####
+#################
 
 # Provides support for local system logging (e.g. via logger command)
 # And turns off message reception via local log socket;
@@ -31,28 +18,60 @@ $PreserveFQDN on
 # And provides file to store the position in the journal
 {{ '' if 'imjournal' in rsyslog_mods else '#' }}module(load="imjournal" StateFile="imjournal.state")
 
-# reads kernel messages (the same are read from journald)
+# provides kernel logging support
 {{ '' if 'imklog' in rsyslog_mods else '#' }}module(load="imklog")
 
 # provides --MARK-- message capability
 {{ '' if 'immark' in rsyslog_mods else '#' }}module(load="immark")
 
-# Provides access to specific log file
+# provides access to specific log file
 {{ '' if 'imfile' in rsyslog_mods else '#' }}module(load="imfile")
 
-# Provides UDP syslog reception
-# for parameters see http://www.rsyslog.com/doc/imudp.html
+# provides UDP syslog reception
 {{ '' if rsyslog_receiver is defined else '#' }}module(load="imudp") # needs to be done just once
 {{ '' if rsyslog_receiver is defined else '#' }}input(type="imudp" port="514")
 
-# Provides TCP syslog reception
-# for parameters see http://www.rsyslog.com/doc/imtcp.html
+# provides TCP syslog reception
 {{ '' if rsyslog_receiver is defined else '#' }}module(load="imtcp") # needs to be done just once
 {{ '' if rsyslog_receiver is defined else '#' }}input(type="imtcp" port="514")
 
-{% if rsyslog_deploy_default_config %}
-#### RULES ####
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
 
+#
+# Set the default permissions for all log files.
+#
+$FileCreateMode {{ rsyslog_filecreatemode }}
+$DirCreateMode {{ rsyslog_dircreatemode }}
+
+#
+# Where to place spool and state files
+#
+global(workDirectory="{{ rsyslog_work_directory }}")
+
+{% if rsyslog_preservefqdn %}
+#
+# Use FQDN (usefull when sending logs to another system)
+#
+$PreserveFQDN on
+{% endif %}
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+###############
+#### RULES ####
+###############
+{% if rsyslog_deploy_default_config %}
 # Log all kernel messages to the console.
 # Logging much else clutters up the screen.
 #kern.*                                                 /dev/console
@@ -67,7 +86,6 @@ authpriv.*                                              /var/log/secure
 # Log all the mail messages in one place.
 mail.*                                                  -/var/log/maillog
 
-
 # Log cron stuff
 cron.*                                                  /var/log/cron
 
@@ -79,10 +97,18 @@ uucp,news.crit                                          /var/log/spooler
 
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log
-
+{% endif %}
+{% if rsyslog_default_rules is defined %}
+{% for item in rsyslog_default_rules %}
+{{ item.rule }} {{ item.logpath }}
+{% endfor %}
+{% endif %}
 
 {% if rsyslog_remote is defined %}
-# ### sample forwarding rule ###
+#########################
+#### FORWARDING RULE ####
+#########################
+
 action(type="omfwd"
 # # An on-disk queue is created for this action. If the remote host is
 # # down, messages are spooled to disk and sent when it is up again.
@@ -95,6 +121,5 @@ action(type="omfwd"
 # # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
 #Target="remote_host" Port="XXX" Protocol="tcp")
 Target="{{ rsyslog_remote }}" Port="{{ rsyslog_remote_port }}" Protocol="{{ 'tcp' if rsyslog_remote_tcp else 'udp' }}")
-{% endif %}
 # ### end of the forwarding rule ###
 {% endif %}
diff --git a/templates/legacy_rsyslog.conf.j2 b/templates/legacy_rsyslog.conf.j2
@@ -1,59 +1,84 @@
 {{ ansible_managed | comment }}
-# rsyslog configuration file
-
-# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
-# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
 
-{% if rsyslog_preservefqdn %}
-$PreserveFQDN on
-{% endif %}
 
+#################
 #### MODULES ####
+#################
 
 # The imjournal module bellow is now used as a message source instead of imuxsock.
 {{ '#' if not 'imuxsock'  in rsyslog_mods else '' }}$ModLoad imuxsock  # provides support for local system logging (e.g. via logger command)
 {{ '#' if not 'imjournal' in rsyslog_mods else '' }}$ModLoad imjournal # provides access to the systemd journal
-{{ '#' if not 'imklog'    in rsyslog_mods else '' }}$ModLoad imklog    # reads kernel messages (the same are read from journald)
+{{ '#' if not 'imklog'    in rsyslog_mods else '' }}$ModLoad imklog    # provides kernel logging support
 {{ '#' if not 'immark'    in rsyslog_mods else '' }}$ModLoad immark    # provides --MARK-- message capability
 {{ '#' if not 'imfile'    in rsyslog_mods else '' }}$ModLoad imfile    # provides access to specific log file
 
-# Provides UDP syslog reception
+# provides UDP syslog reception
 {{ '' if rsyslog_receiver is defined else '#' }}$ModLoad imudp
 {{ '' if rsyslog_receiver is defined else '#' }}$UDPServerRun 514
 
-# Provides TCP syslog reception
+# provides TCP syslog reception
 {{ '' if rsyslog_receiver is defined else '#' }}$ModLoad imtcp
 {{ '' if rsyslog_receiver is defined else '#' }}$InputTCPServerRun 514
 
+
+###########################
 #### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileCreateMode {{ rsyslog_filecreatemode }}
+$DirCreateMode {{ rsyslog_dircreatemode }}
 
-# Where to place auxiliary files
+#
+# Where to place spool and state files
+#
 $WorkDirectory {{ rsyslog_work_directory }}
 
-# Use default timestamp format
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+{% if rsyslog_preservefqdn %}
+#
+# Use FQDN (usefull when sending logs to another system)
+#
+$PreserveFQDN on
+{% endif %}
 
+#
 # File syncing capability is disabled by default. This feature is usually not required,
 # not useful and an extreme performance hit
+#
 #$ActionFileEnableSync on
 
-# Include all config files in /etc/rsyslog.d/
-$IncludeConfig /etc/rsyslog.d/*.conf
-
+#
 # Turn off message reception via local log socket;
 # local messages are retrieved through imjournal now.
+#
 {{ '#' if 'imuxsock' in rsyslog_mods else '' }}$OmitLocalLogging on
 
+#
 # File to store the position in the journal
+#
 {{ '#' if not 'imjournal' in rsyslog_mods else '' }}$IMJournalStateFile imjournal.state
 
-# Set mode for new files and directories
-$DirCreateMode {{ rsyslog_dircreatemode }}
-$FileCreateMode {{ rsyslog_filecreatemode }}
-
-{% if rsyslog_deploy_default_config %}
+###############
 #### RULES ####
-
+###############
+{% if rsyslog_deploy_default_config %}
 # Log all kernel messages to the console.
 # Logging much else clutters up the screen.
 #kern.*                                                 /dev/console
@@ -80,9 +105,18 @@ uucp,news.crit                                          /var/log/spooler
 
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log
+{% endif %}
+{% if rsyslog_default_rules is defined %}
+{% for item in rsyslog_default_rules %}
+{{ item.rule }} {{ item.logpath }}
+{% endfor %}
+{% endif %}
 
+{% if rsyslog_remote is defined %}
+#########################
+#### FORWARDING RULE ####
+#########################
 
-# ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
 # rule. They belong together, do NOT split them. If you create multiple
 # forwarding rules, duplicate the whole block!
@@ -97,8 +131,6 @@ local7.*                                                /var/log/boot.log
 #$ActionResumeRetryCount -1    # infinite retries if host is down
 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
 #*.* @@remote-host:514
-{% if rsyslog_remote is defined %}
 {{ rsyslog_remote_selector }} {{ '@@' if rsyslog_remote_tcp else '@' }}{{ rsyslog_remote }}:{{ rsyslog_remote_port }}
-{% endif %}
 # ### end of the forwarding rule ###
 {% endif %}